Security audit

Novel Scraper Pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed novel-scraping skill that fetches web pages and saves local output, with some normal privacy and disk-use risks for that purpose.

Install only if you are comfortable with the skill fetching user-supplied web pages and saving downloaded novel text plus progress files locally. Use SPA/browser mode only for sites that require it, avoid private/internal/authenticated URLs, and periodically clean the output directory if disk usage or shared-machine privacy matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess  # the finding's excerpt omits this import
def fetch_with_browser(url):
    """Fetch the page with the browser tool (SPA support)."""
    try:
        # Drives an external browser command with a user-supplied URL as an argument.
        result = subprocess.run(
            ["openclaw", "browser", "fetch", "--url", url, "--wait", "2000"],
            capture_output=True,
            text=True,
            timeout=30,
        )
        return result.stdout  # assumed: the excerpt ends before the function's return
    except subprocess.TimeoutExpired:
        return None  # assumed: the excerpt does not show the except branch
Confidence
91% confidence
Finding
result = subprocess.run( ["openclaw", "browser", "fetch", "--url", url, "--wait", "2000"], capture_output=True, text=True, timeout=30, )

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The scraper performs more than passive downloading by invoking additional local programs and a browser-fetch command against untrusted URLs. In this context, that materially increases exposure because a novel-scraping tool is expected to fetch text, not drive auxiliary tooling that can access internal network resources or process active web content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation states that scraped content is saved under a persistent workspace path, and elsewhere references persistent progress state, but it does not clearly warn users that local files will be created by default. This can expose sensitive filenames, consume disk space, or leave behind persisted content and state unexpectedly on shared systems.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The browser-based SPA mode changes the network behavior of the skill by driving a browser to load and render additional content, but the documentation does not warn users about the expanded privacy and tracking surface. In practice this can trigger extra requests, execute site-side scripts in the browser context, and expose more metadata than simple HTTP fetching.

VirusTotal

66/66 vendors flagged this skill as clean.